MGASA-2014-0546

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2014-0546.html

Import Source

https://advisories.mageia.org/MGASA-2014-0546.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2014-0546

Related

CVE-2014-9390

Published

2014-12-23T20:35:35Z

Modified

2014-12-23T20:28:46Z

Summary

Updated git packages fix security vulnerability

Details

It was reported that git, when used as a client on a case-insensitive filesystem, could allow the overwrite of the .git/config file when the client performed a "git pull". Because git permitted committing .Git/config (or any case variation), on the pull this would replace the user's .git/config. If this malicious config file contained defined external commands (such as for invoking and editor or an external diff utility) it could allow for the execution of arbitrary code with the privileges of the user running the git client (CVE-2014-9390).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:4 / git

Package

Name: git
Purl: pkg:rpm/mageia/git?distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.5.6-1.mga4

Ecosystem specific

{
    "section": "core"
}